//管理端登录验证
'use strict';
let jwt = require('jsonwebtoken');
let loginDao = require('../model/admin/login');

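/**
 * Express middleware that guards admin pages.
 *
 * Lets the request through only when the session holds a user whose role is
 * 'admin' and whose `api_token` is still accepted by
 * `loginDao.validationApiToken`. Every other case ends the request here and
 * never reaches `next()`, so the protected handler does not run.
 *
 * @param {object} req - Express request; reads and may clear `req.session.user`.
 * @param {object} res - Express response; used to redirect to '/login'.
 * @param {Function} next - Called with no argument on success, or with the
 *   error when the token lookup fails.
 * @returns {Promise<void>}
 */
module.exports = async function (req, res, next) {
  // Clears the cached user and sends the browser back to the login page.
  const rejectSession = function () {
    delete req.session.user;
    res.redirect('/login');
  };

  const user = req.session.user;
  // Strict comparison: a role value that merely coerces to 'admin' must not pass.
  if (!user || user.role !== 'admin') {
    res.redirect('/login');
    return;
  }

  // Login-uniqueness check: the token held in the session must still be the
  // one the DAO accepts for this user.
  const apiToken = user.api_token;

  // jwt.decode() only parses the token; it does NOT verify the signature or
  // the expiry. Whether the token is trusted rests entirely on the DAO lookup
  // below.
  // NOTE(review): if the signing secret is available to this module, prefer
  // jwt.verify() so a tampered or expired token is rejected before the lookup.
  const decoded = jwt.decode(apiToken, {
    complete: true
  });

  // jwt.decode() returns null for a missing or malformed token; treat that as
  // an invalid session instead of throwing on `decoded.payload`.
  if (!decoded || !decoded.payload) {
    rejectSession();
    return;
  }

  let matches;
  try {
    matches = await loginDao.validationApiToken(decoded.payload.userId, apiToken);
  } catch (err) {
    // Fail closed: a lookup failure goes to the error handler, not to the
    // protected route, and does not become an unhandled rejection.
    next(err);
    return;
  }

  // presumably the DAO resolves to an array of matching rows; verify against
  // ../model/admin/login. An empty or missing result means the token is no
  // longer valid for this user.
  if (!matches || matches.length <= 0) {
    rejectSession();
    // Stop here: falling through to next() would run the admin handler for a
    // session that was just rejected, and after the redirect was already sent.
    return;
  }

  next();
};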